Weekly Digest Week 17 – 2024

Publication date: 26.04.2024

Featured Story

ArcaneDoor – New Espionage-Focused Campaign Found Targeting Perimeter Network Devices

ArcaneDoor is the latest example of a state-sponsored espionage campaign targeting perimeter network devices from multiple vendors. These devices, serving as critical gateways into and out of networks, offer high-value entry points for attackers aiming to reroute, intercept, or manipulate traffic. The campaign has reportedly impacted government and critical infrastructure networks globally.

Actors identified as UAT4356 and STORM-1849 exploited critical Cisco ASA vulnerabilities (CVE-2024-20353 and CVE-2024-20359), deploying custom tools “Line Runner” and “Line Dancer” to gain persistence and perform malicious activities without detection.

SOC Analysis: The ArcaneDoor campaign illustrates a serious threat posed by nation-state actors focusing on network edge devices. Exploitation of Cisco ASA vulnerabilities, with customized tooling and sophisticated tactics, reinforces the urgent need for timely patching, strong access controls, and proactive network monitoring. Sharing intelligence across sectors is essential to defend against such high-level threats.

Other Stories

WARNING: CrushFTP <11.1.0 Vulnerability Allows System File Download

CrushFTP versions below 11.1.0 contain a critical flaw that lets users escape the virtual file system (VFS) and download arbitrary system files. While a DMZ setup offers partial protection, the vulnerability is confirmed to be actively exploited. Patch 11.1.0 mitigates the issue.

SOC Analysis: With active exploitation observed, organizations should patch immediately. It is also vital to check for signs of compromise after patching and to consider further hardening as recommended by the vendor. If your setup involves sensitive file storage, this is a critical exposure.

Vulnerability Exploitation on the Rise as Attackers Ditch Phishing

Mandiant’s M-Trends 2024 report reveals that attackers are increasingly exploiting vulnerabilities over phishing to gain network access. In 2023, 38% of intrusions started from vulnerability exploitation, while phishing dropped to 17%.

SOC Analysis: The shift towards zero-day and known vulnerability exploitation signals the need for proactive vulnerability management. With 97 unique zero-days recorded in 2023, organizations must reduce patching windows, automate updates where possible, and improve internal threat detection.

New FPS Economy Website: www.stoparnaques.be

The Belgian FPS Economy has launched www.stoparnaques.be, a centralized platform to help citizens recognize and protect themselves from common online scams. The site includes practical advice, scam examples, and prevention strategies.

SOC Analysis: This initiative is a strong tool to raise cybersecurity awareness across the general public. We recommend sharing it with friends, family, and colleagues as a way to reduce scam victimization rates across Belgium. It’s especially valuable for those less tech-savvy.
